Monday, June 23, 2008

We typically hear about malware makers taking aim at Windows systems – which makes sense given the large install base – but with the rise in popularity of Apple and its OS X operating system, more and more we’re seeing dangerous malware, viruses and Trojans now being targeted for the Mac, too.

A new Trojan reported by SecureMac is an example of that, with the security vendor saying that variants of the AppleScript.THT Trojan horse spotted in the wild could affect users of Mac OS X Tiger and Leopard. The Trojan exploits a vulnerability within the Apple Remote Desktop Agent enabling complete access to a user’s system. It can log keystrokes, take screen shots, take pictures with the iSight camera, and enable file sharing, all while avoiding detection by opening ports in the firewall and turning off system logging.

The vulnerability is rated critical, and in order to get infected a user must first download and install the malicious file, which is being distributed as either a compiled AppleScript or an application bundle. SecureMac of course took the opportunity to pitch its MacScan antispyware security software as a solution against this threat.

Thursday, June 12, 2008

Beijing, June 12: Brushing aside accusations that it was hacking computers in the US, China Thursday asked Washington "not to be paranoid" and instead do more to contribute to mutual understanding and trust.

"China is still a developing country. Do you believe that our science and technology are so sophisticated that it even scares the US," Foreign Ministry spokesman Qin Gang said at a regular bi-weekly media briefing here.

US congressman Frank Wolf had claimed a few days ago that the FBI had found that four of his computers had been hacked by sources in China and that similar intrusions had occurred in the case of other members as well.

Earlier too, US authorities said they were investigating whether China's operatives had secretly copied the contents of a US government laptop computer during the visit of Commerce Secretary Carlos M Gutierrez to China in December last and used the information to hack into Commerce Department computers.

Beijing had dismissed these allegations as "totally groundless."

Officials in Britain and Germany had also last year claimed that their computers were hacked from China.

"I have taken note of the relevant report (about US congressman's charge). I do not know whether you believe in such accusations and whether they are solid," Qin said.

He said China and the US had been having frequent exchanges in recent years. "You can just interview any US citizen travelling or doing business in China and find out whether his computer has been hacked."

"So, we urge the US side not to be paranoid. Instead, they should do more to contribute to our mutual understanding and mutual trust," he said.

Tuesday, June 10, 2008

3 Internet providers agree to block child porn

Internet providers Verizon, Sprint and Time Warner Cable have agreed to block access to child pornography and eliminate the material from their servers, New York's attorney general said Tuesday.

The companies also will pay $1.1 million to help fund efforts to remove the online child porn created and disseminated by users through their services, Attorney General Andrew Cuomo said. The changes will affect customers nationwide.

Investigators said they found 88 newsgroups devoted to child pornography in an investigation over six to eight months. More than 11,000 images were collected using software that identifies child pornography by tracking patterns in the pixels of the images, Cuomo's office said.

Cuomo said the companies acted immediately when told of the concern. He said it was essential to work with the Internet providers rather than trying to prosecute thousands of users.

"There's no doubt this is a tough issue," Cuomo said at a news conference.

"People are very creative and there is a market for this filth," he said. "We have to work together."

The agreements follow an undercover investigation of child porn newsgroups. Cuomo said in a prepared statement that his investigation of other service providers is continuing. He has used similar probes and the possibility of civil or criminal charges to extract concessions on Internet safety in the past.

Time Warner Cable acted as soon as it learned that users were posting objectionable material and eliminated the newsgroups, a mainstay of the Internet from its early days, said spokesman Alex Dudley.

He emphasized that Time Warner didn't host or provide any of the content and was simply a portal, allowing groups to be created with content provided by the users.

"As soon as we were made aware of the issue ... we took steps to correct," Dudley said Tuesday.

"There are people doing whatever they do on the Internet all the time and we can't possibly scan every use group," he said. "But there are some things we can do and as soon as it's brought to our attention, we work very quickly."

"The tension there is between allowing customers the ability to communicate with their privacy rights protected, and preventing people from doing things that are illegal," Rabe said.

Verizon and Time Warner Cable are two of the five largest internet service providers in the world. Verizon has 8.2 million subscribers and Time Warner Cable's Road Runner has 7.9 million. Sprint is one of the three largest wireless companies in the United States.

"We are doing our part to deter the accessibility of such harmful content through the internet and we are providing monetary resources that will go toward the identification and removal of online child pornography," said Sprint spokesman Matthew Sullivan. "We embrace this opportunity to build upon our own long-standing commitment to online child safety."

I have enclosed some interesting job postings I received. I hope they are able to help. Information Security positions are amongst the highest positions available in the IT Sector. Good Luck… and just say Kellep A. Charles referred you.

T-Mobile USA, Inc. is seeking a Specialist 2, Info Tech Administration - to act as an agent for the continuous, effective operation of corporate systems in the T-Mobile US Enterprise, ensuring connectivity and providing world...

Accenture is seeking a Webserver Administrator with experience in Crystal Reports administration and Windows administration. Organization: Public Service Location: Rosslyn, VA If you join Accenture you can make great ideas happen for some of the...

Accenture is seeking an Oracle Database Administrator within the San Antonio Delivery Center as a member of the Technology Infrastructure and Operations team. Organization: ANSS - Systems Integration & Technology Location: San Antonio, TX If...

Monday, June 9, 2008

Kenya, Uganda and Tanzania are in the process of adopting harmonized cyber laws to enable the establishment of e-government and e-commerce programs, according to the East African Community, the intergovernmental organization representing these three countries with a population totaling 82 million people. The cyber laws will cover data security, network security, cyber crime, information systems and electronic transactions.

"Senior government officials responsible for drafting cyber laws have already finished their job," Ugandan State Minister for Information James Buturo told the IDG News Service recently. "What is remaining now is parliament approval and the formulation of harmonized cyber laws."

Supported by the United Nations and Canada, the East African Community is expected to follow the process already started by the South African Development Community. That region - including South Africa - began harmonizing its laws to prosecute cyber criminals operating across national boundaries. Similar cybercrime laws should be in place by the end of 2007.

In the United States, phishing is becoming one of the fastest evolving classes of identity theft scams on the Internet, causing both short-term losses and long-term economic damage. In a phishing scam, the identity thief poses as a legitimate person from a reputable company to try to entice people to visit bogus Web sites, where they are asked to reveal important personal information, such as credit card data. Although most phishing attacks target the financial industry, a growing number of phishing incidents target other sectors, such as retailers, online game operators and Internet Service Providers.

In 2003 and 2004, several financial institutions like the Bank of America, Bank One, Citizens Bank, U.S. Bank, SunTrust, MBNA, Wells Fargo and Visa were the victims of phishing attacks. Today, national banks are not the only targets of phishing. Many of the phishing attacks in the United States now target regional banks and credit unions. A total of 42 local banks across 23 states in the United States were spoofed in phishing attacks between June and September 2006.

What is "Phishing"?

Phishing is a form of activity in which phishers try to obtain personal information, such as credit card details, consumer e-mail passwords or bank account passwords, by pretending to originate from a reliable and valid source. Identity thieves use phishing, with a variety of entrapping methods, to ferret out the personal information of innocent Internet users. When an e-mail is received which appears to come from a consumer's bank and asks the consumer to log in to the banking account to keep the account active, it is known as technically-engineered phishing. These attempts to gain a consumer's personal and confidential information are known as phishing attacks.

What is Spear Phishing?

Spear phishing is a method in which e-mails appearing to be authentic are sent to all employees or members of a particular company, government agency, organization or group. The message will look as though it is coming from an employer or from a colleague of that company who has sent the e-mail to obtain login information. Spear phishing scams endeavor to procure access to a company's whole computer system.

What is Vishing?

Obtaining credit card information illegally using VoIP (Voice over Internet Protocol) phone calls is known as vishing. Vishers benefit from the inexpensive anonymous Internet calling available through VoIP services, which also permit the offender to use simple software programs to set up a professional-sounding automatic customer service line. Furthermore, unlike most phishing attacks, which purport to be from a genuine organization that would not normally use e-mail to ask for personal information from accountholders, vishing in fact imitates a typical bank protocol in which banks encourage clients to call and confirm information.

Phishing activity is rising rapidly in the United States. One reason is that there is a high rate of broadband Internet usage in the United States. This provides a fertile ground for botnet-hijacked computers. Many of the phishing attacks are hosted on a compromised computer that is part of a botnet. Typically, in the United States, phishers prefer to begin their attacks in the morning so that victims will receive the e-mail when they first check their inbox. Another rationale for this tactic is that if an attack is hosted in the U.S. and is launched in the early hours of the morning within a U.S. time zone, it is not easy to reach the Internet Service Provider.

Conclusion: Over the past six months, Internet users in the United States have received numerous e-mail attacks. The financial services sector continues to remain the most commonly targeted industry sector for phishing attacks. Generally, an ordinary phishing attack can cost a financial institution between $50 and $60 per account negotiated, or a total of approximately $50,000 for each attack. Phishing poses a serious threat, since the methods of attack are continuously evolving and because phishers are often difficult to track and apprehend.

Thursday, June 5, 2008

When analyzing a compromised Windows system, investigators and system administrators can glean enormously useful information about attackers' actions by looking through the Windows registry, a hierarchical database storing tens of thousands of settings on a modern Windows box. Whether an outside attacker compromised the box, an inside employee engaged in nefarious activities, or malware inexplicably infected the machine, the Windows registry contains wonderful gems of information for investigators. In this tip, we'll look at what information investigators can gather about user activity via the registry.

Wednesday, June 4, 2008

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.

There has never been an official U.S. government assertion of Chinese involvement in the outage, but intelligence and other government officials contacted for this story did not explicitly rule out a Chinese role. One security analyst in the private sector with close ties to the intelligence community said that some senior intelligence officials believe that China played a role in the 2003 blackout that is still not fully understood.

Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations. Bennett said that the chief executive officer of a security firm that belonged to Bennett’s trade group told him that federal officials had hired the CEO’s company to investigate the blackout for evidence of a network intrusion, and to “reverse engineer” the incident to see if China had played a role.

Bennett, who now works as a private consultant, said he decided to speak publicly about these incidents to point out that security for the nation’s critical electronic infrastructures remains intolerably weak and to emphasize that government and company officials haven’t sufficiently acknowledged these vulnerabilities.

The Florida Blackout

A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment.” The hacker triggered a cascade effect, shutting down large portions of the Florida power grid, the security expert said. “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.”

The power company has blamed “human error” for the incident, specifically an engineer who improperly disabled safety backups while working on a faulty switch. But federal officials are still investigating the matter and have not issued a final report, a spokeswoman for the Federal Energy Regulatory Commission said. The industry source, who conducts security research for government and corporate clients, said that hackers in China have devoted considerable time and resources to mapping the technology infrastructure of other U.S. companies. That assertion has been backed up by the current vice chairman of the Joint Chiefs of Staff, who said last year that Chinese sources are probing U.S. government and commercial networks.

Asked whether Washington knew of hacker involvement in the two blackouts, Joel Brenner, the government’s senior counterintelligence official, told National Journal, “I can’t comment on that.” But he added, “It’s certainly possible that sort of thing could happen. The kinds of network exploitation one does to explore a network and map it and learn one’s way around it has to be done whether you are going to … steal information, bring [the network] down, or corrupt it.… The possible consequences of this behavior are profound.”

Brenner, who works for Director of National Intelligence Mike McConnell, looks for vulnerabilities in the government’s information networks. He pointed to China as a source of attacks against U.S. interests. “Some [attacks], we have high confidence, are coming from government-sponsored sites,” Brenner said. “The Chinese operate both through government agencies, as we do, but they also operate through sponsoring other organizations that are engaging in this kind of international hacking, whether or not under specific direction. It’s a kind of cyber-militia.… It’s coming in volumes that are just staggering.”

The Central Intelligence Agency’s chief cyber-security officer, Tom Donahue, said that hackers had breached the computer systems of utility companies outside the United States and that they had even demanded ransom. Donahue spoke at a January gathering in New Orleans of security executives from government agencies and some of the nation’s largest utility and energy companies. He said he suspected that some of the hackers had inside knowledge of the utility systems and that in at least one case, an intrusion caused a power outage that affected multiple cities. The CIA didn’t know who launched the attacks or why, Donahue said, “but all involved intrusions through the Internet.”

Donahue’s public remarks, which were unprecedented at the time, prompted questions about whether power plants in the United States had been hacked. Many computer-security experts, including Bennett, believe that his admission about foreign incidents was intended to warn American companies that if intrusions hadn’t already happened stateside, they certainly could. A CIA spokesman at the time said that Donahue’s comments were “designed to highlight to the audience the challenges posed by potential cyber intrusions.” The CIA declined National Journal’s request to interview Donahue.

Cyber-Espionage

In addition to disruptive attacks on networks, officials are worried about the Chinese using long-established computer-hacking techniques to steal sensitive information from government agencies and U.S. corporations.

Brenner, the U.S. counterintelligence chief, said he knows of “a large American company” whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, “The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.’ They had to have got this by hacking into [the company’s] systems.”

Bennett told a similar story about a large, well-known American company. (Both he and Brenner declined to provide the names of the companies.) According to Bennett, the Chinese based their starting points for negotiation on the Americans’ end points.

Two sources also alleged that the hacking extends to high-level administration officials.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics “slurped” while on business in China. The source said he believes, based on conversations with U.S. officials, that the Gutierrez compromise was a source of considerable concern in the Bush administration. Another source with knowledge of the incident corroborated the computer-security expert’s account.

National Journal had a series of conversations with Rich Mills, a Commerce Department spokesman. Asked whether spyware or other malicious software code was found on any electronic devices used by Gutierrez or people traveling with him in China in December 2007, Mills said he “could not confirm or deny” the computer-security expert’s allegations. “I cannot comment on specific [information-technology] issues, but the Department of Commerce is actively working to safeguard sensitive information.” Mills added that the source had provided some inaccurate information, but he did not address the veracity of the source’s claim that the delegation was electronically compromised.

“China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat,” said Brenner, who served for four years as inspector general of the National Security Agency, the intelligence organization that electronically steals other countries’ secrets. Brenner said that the American company’s experience “is an example of how hard the Chinese will work at this, and how much more seriously the American corporate sector has to take the information-security issue.” He called economic espionage a national security risk and said that it makes little difference to a foreign power whether it steals sensitive information from a government-operated computer or from one owned by a contractor. “If you travel abroad and are the director of research or the chief executive of a large company, you’re a target,” he said.

“Cyber-networks are the new frontier of counterintelligence,” Brenner emphasized. “If you can steal information or disrupt an organization by attacking its networks remotely, why go to the trouble of running a spy?”

Stephen Spoonamore, CEO of Cybrinth, a cyber-security firm that works for government and corporate clients, said that Chinese hackers attempt to map the IT networks of his clients on a daily basis. He said that executives from three Fortune 500 companies, all clients, had document-stealing code planted in their computers while traveling in China, the same fate that befell Gutierrez.

Spoonamore challenged U.S. officials to be more forthcoming about the breaches that have occurred on their systems. “By not talking openly about this, they are making a truly dangerous national security problem worse,” Spoonamore said. “Secrecy in this matter benefits no one. Our nation’s intellectual capital, industrial secrets, and economic security are under daily and withering attack. The oceans that surround us are no protection from sophisticated hackers, working at the speed of light on behalf of nation-states and mafias. We must cease denying the scope, scale, and risks of the issue. I, and a growing number of my peers believe our nation is in grave and growing danger.”

A Growing Threat

Brenner said that Chinese hackers are “very good and getting better all the time.… What makes the Chinese stand out is the pervasive and relentless nature of the attacks that are coming from China.”

The issue has caught Congress’s attention. Rep. Jim Langevin, D-R.I., who chairs the Homeland Security panel’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, said that his staff has examined a range of hacker networks, from criminal syndicates to nationally supported groups. “China has been a primary concern,” he said. The deepest penetrations into U.S. systems have been traced back to sources within China, Langevin noted.

(At a hearing last week, Langevin said that the private sector, which owns the vast majority of U.S. information networks, including those that operate power plants, dams, and other critical infrastructure, had taken a “halfhearted approach” to improving security. He cited a new report by the Government Accountability Office, which found that the Tennessee Valley Authority, the nation’s largest power generator, “has not fully implemented appropriate security practices to secure the control systems and networks used to operate its critical infrastructures.” Langevin said that the TVA “risks a disruption of its operations as the result of a cyber-incident, which could impact its customers,” and he expressed “little confidence that industry is taking the appropriate actions.”)

The Chinese make little distinction between hackers who work for the government and those who undertake cyber-adventures on its behalf. “There’s a huge pool of Chinese individuals, students, academics, unemployed, whatever it may be, who are, at minimum, not discouraged from trying this out,” said Rodger Baker, a senior China analyst for Stratfor, a private intelligence firm. So-called patriotic-hacker groups have launched attacks from inside China, usually aimed at people they think have offended the country or pose a threat to its strategic interests. At a minimum the Chinese government has done little to shut down these groups, which are typically composed of technologically skilled and highly nationalistic young men. Officially, Chinese military and diplomatic officials say they have no policy of attacking other governments’ systems.

“This has been a growing wave in recent years,” Brenner said, attributing China’s cyber-tactics to its global economic and political ambitions. “The Chinese are out to develop a modern economy and society in one generation.… There is much about their determination that is admirable. But they’re also willing to steal a lot of proprietary information to do it, and that’s not admirable. And we’ve got to stop it as best we can.”

High-profile penetrations of government systems have been occurring for several years. In 2007, an unidentified hacker broke into the e-mail system for Defense Secretary Robert Gates’s office, and the Pentagon shut down about 1,500 computers in response. But officials said that the intrusion caused no harm. In 2006, a State Department employee opened an e-mail containing a Trojan horse, a program designed to install itself on a host machine to give a hacker covert access. As a result, officials cut off Internet access to the department’s East Asia and Pacific region, but the department suffered no long-term problems.

The Homeland Security Department, which is responsible for protecting civilian computer systems, suffered nearly 850 attacks over a two-year period beginning in 2005, officials have said. In one instance, they found that a program designed to steal passwords had been installed on two of the department’s network servers. In these and other incidents, there is considerable debate about whether the intruders stole truly valuable information that could compromise U.S. strategy or ongoing operations.

“The penetrations we’ve seen are on unclassified systems, which are obviously less protected than classified systems,” Brenner said.

Private Sector Foot-Dragging

There is little indication that cyber-intrusions, however menacing, have severely impaired government operations for very long. So why are so many officials increasingly sounding the alarm about network attacks, Chinese hacking and espionage, and the advent of cyberwar?

Part of the answer lies in officials’ most recent appraisals of the cyber-threat. They cite evidence that attacks are increasing in volume and appear engineered more to cause real harm than sporadic inconvenience. Without naming China, Robert Jamison, the top cyber-security official at DHS, told reporters at a March briefing, “We’re concerned that the intrusions are more frequent, and they’re more targeted, and they’re more sophisticated.”

“In terms of breaches within government systems, it’s something that has happened quite a bit over the last six, seven years,” says Shannon Kellogg, the director of information-security policy for EMC Corp., which owns RSA, a top cyber-security research firm. “But the scale of these types of breaches and attacks seems to have increased substantially.”

Government officials are more concerned now than in recent years about the private sector’s inability, or unwillingness, to stop these pervasive attacks. When Donahue, the CIA cyber-security officer, warned the gathering in New Orleans about foreign hackings of power plants, some saw it as a direct challenge to American companies.

“Donahue wouldn’t have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now,” Alan Paller, the highly regarded director of research at the SANS Institute, told The Washington Post at the time. (SANS, a cyber-security research and education group, sponsored the January meeting in New Orleans.) Another security expert noted that in the previous 18 months, there had been “a huge increase in focused attacks on our national infrastructure networks … and they have been coming from outside the United States.”

In comments posted on Wired magazine’s Danger Room blog, which is trafficked by many techno-elites who are skeptical of the administration’s more boisterous public warnings, Donahue’s remarks about power plants drew support. Michael Tanji, a former intelligence officer with the Defense Intelligence Agency, said that the comments weren’t part of a government plot to hype the threat. “Having worked with [Donahue] on these and related issues in the past, I regret to inform conspiracy theorists that he is virulently allergic to hyperbole,” Tanji said. “I’ve long been a skeptic of claims about being able to shut down the world from the Net.… But after today, I’m starting to come around to the idea that the ignorance or intransigence of utility system owners just might merit a more robust response than has been undertaken to date.”

Tanji’s remarks pointed to one of the most nettlesome realities of cyber-security policy. Because most of the infrastructure in the United States is privately owned, the government finds it exceptionally difficult to compel utility operators to better monitor their systems. The FBI and DHS have established formal groups where business operators can disclose their known vulnerabilities privately. (Companies fear that public exposure will decrease shareholder confidence or incite more hackings.) But membership in these organizations isn’t compulsory. Furthermore, many of the systems that utility operators use were designed by others. Intelligence officials now worry that software developed overseas poses another layer of risk because malicious codes or backdoors can be embedded in the software at its creation. U.S. officials have singled out software manufacturers in emerging markets such as, not surprisingly, China.

Military Response

The intelligence community’s and private sector’s vocal warnings and dire suspicions of Chinese hackers join a chorus of concern emanating from the Defense Department in recent months. In the most recent annual report on China’s military power, the Defense Department declared publicly for the first time that attacks against government and commercial computer networks in 2007 appear to have emanated from China. “Numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within” the People’s Republic of China. Although not claiming that the attacks were conducted by the Chinese government, or officially endorsed, the declaration built upon the previous year’s warning that the People’s Liberation Army is “building capabilities for information warfare” for possible use in “pre-emptive attacks.”

The military is not waiting for China, or any other nation or hacker group, to strike a lethal cyber-blow. In March, Air Force Gen. Kevin Chilton, the chief of U.S. Strategic Command, said that the Pentagon has its own cyberwar plans. “Our challenge is to define, shape, develop, deliver, and sustain a cyber-force second to none,” Chilton told the Senate Armed Services Committee. He asked appropriators for an “increased emphasis” on the Defense Department’s cyber-capabilities to help train personnel to “conduct network warfare.”

The Air Force is in the process of setting up a Cyberspace Command, headed by a two-star general and comprising about 160 individuals assigned to a handful of bases. As Wired noted in a recent profile, Cyberspace Command “is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum and that computers are military weapons.” The Air Force has launched a TV ad campaign to drum up support for the new command, and to call attention to cyberwar. “You used to need an army to wage a war,” a narrator in the TV spot declares. “Now all you need is an Internet connection.”

Defense and intelligence officials have been surprised by China’s cyber-advances, according to the U.S.-China Economic and Security Review Commission. In November, the commission reported that “Chinese military strategists have embraced … cyberattacks” as a weapon in their military arsenal. Gen. James Cartwright, the former head of U.S. Strategic Command and now the vice chairman of the Joint Chiefs, told the commission that China was engaged in cyber-reconnaissance, probing computer networks of U.S. agencies and corporations. He was particularly concerned about China’s ability to conduct “denial-of-service” attacks, which overwhelm a computer system with massive amounts of automatically generated message traffic. Cartwright provocatively asserted that the consequences of a cyberattack “could, in fact, be in the magnitude of a weapon of mass destruction.”

A former CIA official cast the cyber-threat in similarly dire terms. “We are currently in a cyberwar, and war is going on today,” Andrew Palowitch, who’s now a consultant to U.S. Strategic Command, told an audience at Georgetown University in November. STRATCOM, headquartered at Offutt Air Force Base in Nebraska, oversees the Defense Department’s Joint Task Force-Global Network Operations, which defends military systems against cyber-attack. Palowitch cited statistics, provided by Cartwright, that 37,000 reported breaches of government and private systems occurred in fiscal 2007. The Defense Department experienced almost 80,000 computer attacks, he said. Some of these assaults “reduced” the military’s “operational capabilities,” Palowitch noted.

Presidential Attention

President Bush has personally devoted more high-level attention to the cyberattack issue in the last year or so than he did in the first six years of his tenure combined. Many security experts are surprised that the administration is only now moving to take dramatic measures to improve the security of government networks, because some Cabinet-level and White House officials have been warning about the threat for years to just about anyone who will listen.

Until McConnell, the national intelligence director, personally drove the point home to Bush in an Oval Office meeting in 2006, there was little top-level support for a comprehensive government cyber-security plan. “They ignored it,” one former senior administration official said flatly. “McConnell has the president’s ear.”

McConnell, a former director of the National Security Agency, whose main job is to intercept foreign communications intelligence but which is also responsible for protecting U.S. classified information and systems, takes the computer-security issue as seriously as his counter-terrorism mission. After McConnell left the NSA, in 1996, he took over the intelligence practice at Booz Allen Hamilton, where he again turned to security problems, particularly within the nation’s financial infrastructure. Working with officials from the New York Stock Exchange, McConnell developed a report for the government on network vulnerabilities; he has said that it was so revealing, the administration decided to classify it.

Lawrence Wright of The New Yorker reported earlier this year that McConnell told Bush during the 2006 Oval Office meeting, “If the 9/11 perpetrators had focused on a single U.S. bank through cyberattack and it had been successful, it would have had an order-of-magnitude greater impact on the U.S. economy.” According to Wright, the president was disturbed, and then asked Treasury Secretary Henry Paulson Jr., who was at the meeting, if McConnell was correct; Paulson assured the president that he was.

Brenner confirmed Wright’s account as “a true story.” And separately, a former senior administration official told National Journal of another dimension. In that meeting, McConnell also told the president that White House communications systems could be targeted for attack just as other U.S. government systems had been targeted. The intelligence chief was telling the president, “If the capability to exploit a communications device exists, we have to assume that our enemies either have it, or are trying to develop it,” the former official said.

This meeting compelled the White House to craft an executive order laying out a broad and ambitious plan to shore up government-network defenses. Known internally as “the cyber-initiative,” it was formally issued in January. The details remain classified, but it has been reported that the order authorizes the National Security Agency to monitor federal computer networks. It also requires that the government dramatically scale back the number of points at which federal networks connect to the public Internet. The Office of Management and Budget has directed agencies to limit the total number of Internet “points of presence” to 50 by June.

Limiting connection points is analogous to pulling up drawbridges in order to defend the government’s cyber-infrastructure. Security experts interviewed for this story said that it shows how little the government can do, at least for now, to ward off intrusions if the first line of defense is to “unplug.”

Mixed Reactions

Under the president’s cyber-initiative, the Homeland Security Department will be responsible for monitoring government agencies apart from the Defense Department. In March, Homeland Security Secretary Michael Chertoff told National Journal that the first step is “to survey all the points” of presence. “We have no final number yet.”

“The agencies’ networks have grown very haphazardly. No one really knows where [the connections to the Internet] are,” said Bruce McConnell, who was the chief of information technology and policy in the Office of Management and Budget. He left government in 2000. “Trying to catalogue where things are so you could turn them off is a daunting task in and of itself,” said McConnell, who is not related to the intelligence chief.

Bush’s cyber-initiative has received mixed reviews. Generally, cyber-experts favor a comprehensive approach, and they are relieved that the issue finally has the president’s full attention. But some question how the program is being implemented—under a cloak of secrecy and with a heavy reliance on the intelligence community.

The sharpest criticisms are directed at the NSA, an intelligence agency whose traditional mandate is to collect information coming from outside the United States; it has no customary role monitoring networks inside the country, although this has changed in the years following the 9/11 attacks. It’s not clear just how far the government’s monitoring of computer networks will extend into the private sector and precisely what role the NSA will play tracking networks inside the United States, but lawmakers have already raised concerns that the cyber-initiative will creep into domestic intelligence-gathering. The same kinds of technologies that are used to monitor networks for viruses and other malicious threats could be used to track domestic communications. On May 2, DHS’s top overseers sent a letter to Chertoff questioning “the secrecy of the project.” Sens. Joe Lieberman, ID-Conn., and Susan Collins, R-Maine, the chairman and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, noted that the department had requested an additional $83 million for its National Cyber Security Division; DHS had already been allocated $115 million for the cyber-initiative in the 2008 omnibus appropriations bill. “This would be a nearly $200 million increase, tripling the amount of money spent on cyber-security in DHS since 2007,” the senators wrote. The full cost of implementing the president’s cyber-initiative is estimated to be $30 billion. The entire 2009 budget request for the Homeland Security Department is about $50 billion.

Marc Sachs, who was the director for communication infrastructure protection in the White House Office of Cyberspace Security in 2002, praised the administration for taking a bold initial step. But he said that the level of attention is 10 years overdue. Sachs noted that in 1998, President Clinton issued a directive that set ambitious infrastructure-protection goals. “I intend that the United States will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber-systems,” Clinton wrote.

Without pointing to particular policies, Brenner, the counterintelligence chief, said, “We need to take these policy declarations that we’ve had for 10 years and turn them into practical reality.” He said the job of securing cyberspace is hardly as simple as “put two padlocks on the door.… This is an incredibly open and porous and, in many cases, wireless system. Controlling cyber-security is like controlling the air flow in a large, segmented building complex in a noxious neighborhood. You cannot be sure you are keeping all the noxious stuff out. What you’ve got to say is, gee, in the infirmary, we’ve really got to deal differently than we do in the lobby.”

False Accusations?

Given the political fallout that could stem from a proven Chinese attack on power plants or theft of government secrets—not to mention the pressure to launch some sort of military response—skeptics have asked whether the Chinese really are behind so many high-profile incidents.

Brenner affirmed the widely held view that it’s technologically difficult to attribute the exact source of any cyberattack and that the government needs better technologies to do so. But despite his assurances that the government has indeed sourced cyber-intrusions to China, others urge caution.

“We want to find a natural enemy, so we’re looking everywhere,” Sachs said. He noted that some hackers launch their attacks through computers based in other countries, and that China is an easy mask. “I think all of us should remember that not everything you see online is truthful.”

Another former administration official echoed those sentiments. “I think it’s a little bit naive to suggest that everything that says it comes from China comes from China,” said Amit Yoran, the first director of DHS’s National Cyber Security Division, who left the post in 2004.

But there is little to no doubt, including among skeptics, that China is vigorously pursuing offensive cyber-capabilities. Military analysts say that the Chinese know their armed forces cannot match America’s in a head-on confrontation, and they realize their nuclear arsenal pales in comparison. These imbalances have forced Chinese military planners to adopt what the Pentagon calls “asymmetric” techniques—tactics that aim at a foe’s vulnerabilities—in order to counter, or at least deter, U.S. military power.

“There has been much writing on information warfare among China’s military thinkers, who indicate a strong conceptual understanding of its methods and uses,” according to the Pentagon’s annual report on China’s military power. The report stated that “there is no evidence of a formal Chinese … doctrine” but noted that the People’s Liberation Army has “established information-warfare units to develop viruses to attack enemy computer systems and networks.”

U.S. military officials see cyber-warfare as one arrow in a quiver of asymmetric techniques to disrupt an enemy’s command-and-control systems. The Chinese strategy, according to this line of thinking, is not to defeat U.S. military forces but to make it harder for them to operate.

China’s military history has been defined by asymmetric warfare, said Harry Harding, an expert on Chinese domestic politics and U.S.-China relations, who teaches at George Washington University’s Elliott School of International Affairs. Cyber-warfare is just one of the more recent tactics. If the U.S. government tries to protect its systems, the Chinese will simply attack the private sector; he cited the financial services industry as an obvious target. “I have no doubt that China is doing this,” Harding said.

Bennett, the former head of the Cyber Security Industry Alliance, said that if China has penetrated power plants and the power grid, it serves as a show of force to the United States and is likely meant to deter any U.S. military intervention on behalf of Taiwan. He noted that the Florida blackout occurred only a few days after the Navy shot down a failing U.S. satellite with a missile designed to intercept inbound ballistic missiles. A year earlier, the Chinese had downed one of their own satellites in orbit. The Bush administration has pursued ballistic missile defense systems, and Taiwan has sought that technology from the United States.

Cyberwar

The Chinese are not alone, of course, in their pursuit of cyber-warfare. The Air Force is setting up the Cyberspace Command, the 10th command in the service’s history.

“The next kind of warfare will be asymmetric warfare,” Gen. William Lord, the provisional commander, said during a roundtable discussion at the Council of Foreign Relations in March. “Who is going to take on the United States Army, Marine Corps, U.S. Air Force, and U.S. Navy as probably the most powerful force on the face of the planet?”

Lord didn’t limit his remarks to China. He said that cyber-criminals and other “bad guys” were as much a concern for the military. He also pointed to a massive cyberattack launched last year against computers in Estonia, in which Russian hackers—perhaps operating at Moscow’s behest—tried to take down the country’s systems in retaliation for Estonia’s decision to move a statue commemorating fallen Soviet troops, a statue that Russians living in Estonia love but that native-born Estonians don’t. The attack has been billed as the first “cyberwar” because of the overwhelming electronic force brought to bear on the tiny country of 1.3 million people.

“I had an opportunity to speak with the minister of defense from Estonia,” Lord said. “He was attacked by 1 million computers.”

The Estonia attack probably shook nerves more than it caused long-term damage. But it served as a potent example of how determined, coordinated hackers could gang up on a foreign government. It has also created profound policy questions about what qualifies as war in cyberspace.

“The problem with this kind of warfare,” Lord said, “is determining who is the enemy, what is their intent, and where are they, and then what can you do about it?”

Brenner, the senior U.S. counterintelligence official, said, “Another country knows that if it starts taking out our satellites, that would be an act of war.” But “if they were to take out certain parts of our infrastructure, electronically, that could be regarded as an act of war,” he said. “It’s not my job to say that.”

NATO officials are reluctantly struggling with that question, too. At a ministerial meeting last June, Defense Secretary Gates asked the allied members to consider defining cyberattacks in the context of traditional warfare. Cyberwar is still abstract, and there are no international conventions that govern military conduct on a digital battlefield.

“The U.S. government doesn’t really have a policy on the use of these techniques,” said Michael Vatis, a former director of the FBI’s National Infrastructure Protection Center. “The closest analogy is to covert actions,” he said, meaning spy operations undertaken by intelligence agencies against foreign governments. “They take place, and people have strong suspicions about [who’s responsible]. But as long as they’re not able to prove it, there’s very little that they can do about it. And so there’s often not as much outrage expressed.”

Staff Correspondent Bruce Stokes contributed to this article. The author can be reached at sharris@nationaljournal.com

Monday, June 2, 2008

Definition

Cyberstalking can be defined as threatening behavior or unwanted advances directed at another using the Internet and other forms of online and computer communications.

Overview

Cyberstalking is a relatively new phenomenon. With the decreasing expense and thereby increased availability of computers and online services, more individuals are purchasing computers and "logging onto" the Internet, making another form of communication vulnerable to abuse by stalkers.

Similar to stalking off-line, online stalking can be a terrifying experience for victims, placing them at risk of psychological trauma, and possible physical harm. Many cyberstalking situations do evolve into off-line stalking, and a victim may experience abusive and excessive phone calls, vandalism, threatening or obscene mail, trespassing, and physical assault.

Cyberstalking and the Law

With personal information becoming readily available to an increasing number of people through the Internet and other advanced technology, state legislators are addressing the problem of stalkers who harass and threaten their victims over the World Wide Web. Stalking laws and other statutes criminalizing harassment behavior currently in effect in many states may already address this issue by making it a crime to communicate by any means with the intent to harass or alarm the victim.

States have begun to address the use of computer equipment for stalking purposes by including provisions prohibiting such activity in both harassment and anti-stalking legislation (Riveira, 1,2). A handful of states, such as Alabama, Arizona, Connecticut, Hawaii, Illinois, New Hampshire and New York, have specifically included prohibitions against harassing electronic, computer or e-mail communications in their harassment legislation. Alaska, Oklahoma, Wyoming, and more recently, California, have incorporated electronically communicated statements as conduct constituting stalking in their anti-stalking laws. A few states have both stalking and harassment statutes that criminalize threatening and unwanted electronic communications. Other states have laws other than harassment or anti-stalking statutes that prohibit misuse of computer communications and e-mail, while others have passed laws containing broad language that can be interpreted to include cyberstalking behaviors (Gregorie).

Recent federal law has addressed cyberstalking as well. The Violence Against Women Act, passed in 2000, made cyberstalking a part of the federal interstate stalking statute. Other federal legislation that addresses cyberstalking has been introduced recently, but no such measures have yet been enacted. Consequently, there remains a lack of legislation at the federal level to specifically address cyberstalking, leaving the majority of legislative prohibitions against cyberstalking at the state level (Wiredpatrol.org).

If you are a Victim of Cyberstalking

Victims who are under the age of 18 should tell their parents or another adult they trust about any harassments and/or threats.

Experts suggest that in cases where the offender is known, victims should send the stalker a clear written warning. Specifically, victims should communicate that the contact is unwanted, and ask the perpetrator to cease sending communications of any kind. Victims should do this only once. Then, no matter the response, victims should under no circumstances ever communicate with the stalker again. Victims should save copies of this communication in both electronic and hard copy form.

If the harassment continues, the victim may wish to file a complaint with the stalker's Internet service provider, as well as with their own service provider. Many Internet service providers offer tools that filter or block communications from specific individuals.

As soon as individuals suspect they are victims of online harassment or cyberstalking, they should start collecting all evidence and document all contact made by the stalker. Save all e-mail, postings, or other communications in both electronic and hard-copy form. If possible, save all of the header information from e-mails and newsgroup postings. Record the dates and times of any contact with the stalker.

Victims may also want to start a log of each communication explaining the situation in more detail. Victims may want to document how the harassment is affecting their lives and what steps they have taken to stop the harassment.

Victims may want to file a report with local law enforcement or contact their local prosecutor's office to see what charges, if any, can be pursued. Victims should save copies of police reports and record all contact with law enforcement officials and the prosecutor's office.

Victims who are being continually harassed may want to consider changing their e-mail address, Internet service provider, and home phone number, and should examine the possibility of using encryption software or privacy protection programs. Any local computer store can offer a variety of protective software, options and suggestions. Victims may also want to learn how to use the filtering capabilities of e-mail programs to block e-mails from certain addresses.

Finally, under no circumstances should victims agree to meet with the perpetrator face to face to "work it out," or "talk." No contact should ever be made with the stalker. Meeting a stalker in person can be very dangerous.

Potential Effects of Cyberstalking

Just because cyberstalking does not include physical contact with the perpetrator does not mean it is not as threatening or frightening as any other type of crime. Victims of cyberstalking often experience psychological trauma, as well as physical and emotional reactions as a result of their victimization. Some of these effects may include:

changes in sleeping and eating patterns

nightmares

hypervigilance

anxiety

helplessness

fear for safety

shock and disbelief

Victims experiencing these reactions and many others might consider seeking out support from friends, family and victim service professionals in order to cope with the trauma resulting from cyberstalking. In order to locate local victim service professionals that may be able to offer assistance, safety suggestions, and information and referrals, please contact the Helpline of the National Center for Victims of Crime at 1-800-FYI-CALL, 8:30 a.m. to 8:30 p.m., Monday through Friday, Eastern Standard Time.

The criminals somehow got their hands on passwords used to alter domain-name registration information with Comcast's registrar, Network Solutions, said Susan Wade, a Network Solutions spokeswoman. With access to the Comcast.net record, the hackers were able to switch the DNS (Domain Name System) servers associated with Comcast.net and redirect Internet traffic to their own server. They also added offensive comments to the Comcast.net record.

Visitors who went to Comcast's portal between approximately 11 p.m. Eastern time Wednesday and 12:30 a.m. Thursday were greeted with either a "Site under construction" message or a cryptic note reading: "KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven," an apparent reference to the hackers who had compromised the site and to their friends.

This attack is connected to recent defacement of the MySpace.com profiles of Justin Timberlake, Hilary Duff and Tila Tequila, said security researcher Dancho Danchev.

No one knows how the hackers gained access to Comcast's Network Solutions account. In the past, registrars have been tricked into handing over control of Internet domains. But Danchev said that lately, criminals have also been using phishing attacks to try to take control of Web domains.

Throughout Thursday, the Comcast.net Web page continued to experience problems. For many visitors, the page was missing graphics and had the look and feel of an early 1990s Web site.

"We believe that our registration information at the vendor that registers the Comcast.net domain address was altered, which redirected the site, and is the root cause of today's continued issues as well," Comcast said Tuesday in a statement. "We have alerted law enforcement authorities and are working in conjunction with them."

Neither Comcast nor Network Solutions can say how the hackers got their hands on the Comcast password, but this type of problem is not unheard of, Wade said. "It's not frequent, but it does happen," she said.

There are steps that companies can take to secure their domain name registration accounts, Wade said. "We tell folks, especially big companies, to consolidate domains so you have someone in charge of all the domains," she said. "We encourage people to update their passwords on a regular basis and make sure the passwords are complicated."
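The redirection described in this report worked by changing the name servers listed in the domain's registration record, so a domain owner can catch it by comparing the delegation actually being served against an approved list. The following is an added example, not code from the article, Comcast or Network Solutions: it reads periodic delegation snapshots and reports each window during which the name servers deviated from the baseline. The domain names, name servers, timestamps and log format are all constructed for illustration.

```python
"""Flag name-server delegation drift in periodic snapshots (all data constructed)."""
from dataclasses import dataclass
from datetime import datetime

# Approved delegation per monitored domain. Placeholder names, not real hosts.
BASELINE = {"example.net": frozenset({"ns1.example.net", "ns2.example.net"})}

# Constructed collector log: timestamp, domain, NS set seen at the parent zone.
SAMPLE_LOG = """\
2024-01-10T22:30:00 example.net ns1.example.net. ns2.example.net.
2024-01-10T23:00:00 example.net NS1.ROGUE-HOST.TEST. ns2.rogue-host.test.
2024-01-10T23:30:00 example.net ns1.rogue-host.test. ns2.rogue-host.test.
2024-01-11T00:00:00 example.net ns1.rogue-host.test. ns2.rogue-host.test.
2024-01-11T00:30:00 example.net ns2.example.net. ns1.example.net.
2024-01-11T01:00:00 unmonitored.test ns1.elsewhere.test.
"""


@dataclass(frozen=True)
class Snapshot:
    when: datetime
    domain: str
    nameservers: frozenset


@dataclass(frozen=True)
class DriftWindow:
    domain: str
    first_seen: datetime   # first snapshot that deviated from the baseline
    last_seen: datetime    # last deviating snapshot in this run
    unexpected: frozenset  # servers observed that were never approved
    missing: frozenset     # approved servers that disappeared
    resolved: bool         # False if the log ends while still deviating


def normalize(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.strip().rstrip(".").lower()


def parse_log(text):
    """Parse snapshot lines, skipping blanks and '#' comments, sorted by time."""
    snapshots = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need timestamp, domain and one NS")
        names = frozenset(normalize(f) for f in fields[2:])
        snapshots.append(Snapshot(datetime.fromisoformat(fields[0]),
                                  normalize(fields[1]), names))
    return sorted(snapshots, key=lambda s: s.when)


def find_drift_windows(snapshots, baseline):
    """Group consecutive deviating snapshots per domain into windows."""
    windows, active = [], {}
    for snap in snapshots:
        approved = baseline.get(snap.domain)
        if approved is None:
            continue  # no baseline recorded, so nothing to compare against
        unexpected = snap.nameservers - approved
        missing = approved - snap.nameservers
        if unexpected or missing:
            run = active.setdefault(snap.domain, [snap.when, snap.when, set(), set()])
            run[1] = snap.when
            run[2] |= unexpected
            run[3] |= missing
        elif snap.domain in active:
            # Delegation matches the baseline again: close the window.
            first, last, unexp, miss = active.pop(snap.domain)
            windows.append(DriftWindow(snap.domain, first, last,
                                       frozenset(unexp), frozenset(miss), True))
    # Anything still deviating at the end of the log is an open incident.
    for domain, (first, last, unexp, miss) in active.items():
        windows.append(DriftWindow(domain, first, last,
                                   frozenset(unexp), frozenset(miss), False))
    return windows


if __name__ == "__main__":
    for w in find_drift_windows(parse_log(SAMPLE_LOG), BASELINE):
        state = "restored" if w.resolved else "STILL ACTIVE"
        print(f"{w.domain}: {w.first_seen} to {w.last_seen} ({state})")
        print("  unexpected:", ", ".join(sorted(w.unexpected)))
        print("  missing:   ", ", ".join(sorted(w.missing)))
```

A window with `resolved` set to false means the log ended while the delegation was still wrong, which is the case to alert on first.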